Sophisticated counterfeits of Cisco networking equipment that bypass authentication checks have likely been installed in many business around the world, says a new report.

The analysis by consulting firm F-Secure focuses on fake 2960-X switch devices, which were only discovered when they stopped working following a software upgrade.

F-Secure says bricked devices after an upgrade is often the first sign that a company has inadvertently bought counterfeit equipment, as those involved in the illicit trade are becoming increasingly adept at side-stepping security features.

The study was prompted by an incident last autumn when an IT company called in F-Secure to analyse Cisco Catalyst 2960-X series switches after they failed. As well as checking their authenticity, the consultancy firm was asked to check if there were any “backdoors” in the equipment that could pose a data security risk.

Physically, the fake switches looked almost identical to the genuine devices, with only subtle differences, and the layout of their printed circuit boards (PCBs) was similar.

The fakes didn’t include a holographic sticker, but that didn’t prevent them from being installed and exposes the limitations of this sort of protection, and there were also differences in the flash memory and Ethernet chips installed.

Colour-shifting film: A proven, anti-counterfeiting solution for brand protection and product authentication

The counterfeits “reached their goal of circumventing the implemented platform authentication checks with similar means on the software level by relying on patching the loaded and authenticated application image before control was passed over to the application,” says the report.

One of the fakes also had add-on circuitry designed to circumvent software-based verification of the sensors, while a second switched out a key component – the EEPROM – with a completely new integrated circuit.

That represented “a considerable resource investment in design, manufacture, and testing of such forged products compared to the more low-cost ad-hoc approach” used in the first counterfeit, according to F-Secure.

“The board layout and silkscreen similarities also suggested that the people behind this forgery might have either had access to Cisco proprietary engineering documentation such as PCB design files in order to be able to modify them, or they invested heavily in the complicated process of replicating the original board design files based solely on genuine boards.”

Cisco is waging a war against counterfeiters, with some success, but the premium pricing their equipment commands makes them a constant target. Just over a year ago, the company seized more than $625,000-worth of fake devices in a single day.